The Macintosh Webmaster Forum

This morning I stated getting a LOAD of requests for my apple-touch-icon.png file, which I've never bothered to make. I used to get a few. So those requests just all get 404'd. No biggie. But why am I suddenly getting lots and lots of such requests? Now, if it were an aggressive bot, you'd think it would be from one IP, but it's from many many different IPs. Is this some kind of malicious attack? Or does the world suddenly want to bookmark my site on their mobile devices?

Now, it's frankly easier just to let them get 404s but, just for fun, I made up a apple-touch-icon.png file, and put it in my site root directory, right where my favicon.ico file is. But those requests for it (GET /apple-touch-icon.png HTTP/1.1) are still getting handed 404s. Why aren't people getting that apple-touch-icon.png file? I'm confused.

Thanks. It's just a server for presentation files -- pdfs and ppts, so no "mobile version" is needed. Now, that being the case, and since I never made any changes to it, why the hell am I suddenly getting bombarded by bots looking for that icon?

Now, if the requests all look like "GET /apple-touch-icon.png HTTP/1.1", isn't this what might be posted in my HEAD? That is, something like

<link rel="apple-touch-icon" href="./apple-touch-icon.png">

But my understanding is that if I want this icon to apply to the whole site, and not just a particular page, I don't need that line.

The <link rel> line is optional, just like favicon.ico. If a user-agent has no information to the contrary, it will look for it in the root. So a request for

/apple-touch-icon.png

will get a file located at

example.com/apple-touch-icon.png

Are the requests coming in for this exact form of the name? All variations, like -57x57- and -precomposed, are separate files with separate requests. There's a standard list that user-agents go through if they don't find their first choice. (That's the main reason for the <link rel lines: so the browser doesn't have to go through a whole trial-and-error checklist.)

It's definitely mystifying if they're getting a 404 on requests for files with the exact name and location of the one that really does exist. So double-check this part.

Now, I don't quite understand. To what extent are those requests pointing at "mysite"? Which site are they pointing at? There are several sites on this machine in different accounts, and those probably don't have apple-touch-icon.png files. I'm beginning to think all those requests aren't even aimed at this website, but are aimed at the computer.

If they are pointed at root, where exactly are the root icon files found?

Now, of course, if I'm suddenly getting a flood of apple-touch-icon.png requests aimed at my computer, rather than this website on it, they're almost certainly malicious.

I'm beginning to think all those requests aren't even aimed at this website, but are aimed at the computer.

Do you mean that you've got several domains living on the same server, and your logs agglomerate all the different hosts into a single file? Can't you change that so each hostname is logged separately?

In any case, you shouldn't allow people to visit using the bare IP. Redirect to some chosen hostname, or block outright.

Well, if people are trying to GET /apple-touch-icon.png, they sure aren't going into any of my root directories for my sites, where I keep all that other stuff (favicon, htaccess). My sites are organized by user names, as in mycomputer.com/~account1/mysite.html, and mycomputer.com/~account2/myothersite.html. Those sites reside in the folders ~account1/Sites and ~account2/Sites, which I guess you can call the root folders for each site.

I should have specified it, but this is Mac 10.6.8.

So when someone is trying to GET /apple-touch-icon.png on my machine, where exactly are they trying to get it from? From my / directory?

"root" = the directory that contains the index.html file that users see when they ask for the bare (sub)domain name.

where exactly are they trying to get it from? From my / directory?

Only you can answer that-- and then only if you first separate the logs so each hostname has its own file. Or set a logging level that shows the hostname as part of the log entry. (I don't speak Apache, so I would have to look up the terminology.)

Now that's where I need to put some kind of apple-touch-icon.png. Or I assume I can put a .htaccess there that shunts everyone trying to get anything there to my index file.

Of course, the other option is just to let these jerks who are trying to get the apple-touch-icon.png from my system web root directory continue to get 404'd. Doesn't bother me. Should it?

The vast number of GET /apple-touch-icon.png requests I saw this morning has dissipated (which is what I was originally asking about), and now I'm just getting one every once in a while. Would still be interesting to know what triggered that flood.